Embed Size (px)
Citation preview
INTRO TO ETHICAL HACKING
MIS 5211.001Week 6
Site: http://community.mis.temple.edu/mis5211sec001f14
/
MIS 5211.001 2
Career Fair
Received the following note:
MIS 5211.001 3
Tonight's Plan
News from ISC2 and ASIS Conference In the news Nessus Next Week
MIS 5211.001 4
In The News
Submitted http://
defensesystems.com/articles/2014/08/15/drones-can-hack-wifi-networks.aspx
http://www.fool.com/investing/general/2014/09/28/home-depot-vs-target-diy-centers-data-breach-was-w.aspx
http://www.scmagazine.com/reports-suggest-home-depot-was-hit-by-the-mozart-malware/article/373976/
http://www.forbes.com/sites/patrickmoorhead/2014/09/29/hewlett-packard-designates-printing-a-first-class-iot-security-platform/
MIS 5211.001 5
In The News
More Bash
http://bits.blogs.nytimes.com/2014/09/26/companies-rush-to-fix-shellshock-software-bug-as-hackers-launch-thousands-of-attacks/?_php=true&_type=blogs&_r=0
https://access.redhat.com/announcements/1210053
http://www.pcworld.com/article/2688932/improved-patch-tackles-new-shellshock-attack-vectors.html
http://www.itnews.com/exploits-vulnerabilities/84263/six-key-defenses-against-shellshock-attacks?source=ITNEWSNLE_nlt_itndaily_2014-09-30
MIS 5211.001 6
In The News
More http://www.joystiq.com/2014/09/30/hackers-c
harged-with-xbox-one-valve-call-of-duty-data-theft/
http://www.ehackingnews.com/2014/09/data-breach-at-tripadvisors-viator.html
http://www.darkreading.com/application-security/how-a-major-bank-hacked-its-java-security/d/d-id/1316216?
http://www.waratek.com/Waratek/media/SiteMedia/Documentation/DataSheet-Waratek-Application-Security-vs-3.pdf
http://www.businessweek.com/news/2014-09-29/supervalu-finds-separate-data-breach-in-computer-network
MIS 5211.001 7
In The News
More http://
www.informationweek.com/cloud/software-as-a-service/amazon-reboots-cloud-servers-xen-bug-blamed/d/d-id/1316093
MIS 5211.001 8
In The News
What I noted http://arstechnica.com/apple/2014/09/apple-p
atches-shellshock-bash-bug-in-os-x-10-9-10-8-and-10-7/
https://threatpost.com/fbi-to-open-up-malware-investigator-portal-to-external-researchers/108590
http://www.dailydot.com/politics/tor-mozilla-firefox/
MIS 5211.001 9
Nessus
Started in 1998 as an open source security scanning tool
Changed to a close sourced tool in 2005, but has remained “free” for personal use.
Surveys by sectools.org indicate Nessus remains the most popular vulnerability scanners
Not installed with Kali
MIS 5211.001 10
The Nessus Server
Four basic parts to the Nessus server: Nessus-core Nessus-libraries Libnasl Nessus-plugins
Plugins
Plugins are the scripts that perform the vulnerability tests.
NASL – This is the Nessus Attack Scripting Language which can be used to write your own plugins.
Defining Targets
Hosts Server.domain.edu 172.21.1.2
Subnet 192.168.100.0
Address range 192.168.1.1-192.168.1.10
Vulnerability Scanning
Scanning methods: Safe Destructive
Service recognition – Will determine what service is actually running on a particular port.
Handle multiple services – Will test a service if it appears on more then one port.
Will test multiple systems at the same time.
Viewing Reports
Nessus will indicate the threat level for services or vulnerabilities it detects: Critical High Medium Low Informational
Description of vulnerability Risk factor CVE number
Common Vulnerabilities and Exposures
CVE created by http://www.cve.mitre.org/ Attempting to standardize the names for
vulnerabilities. CVE search engine at http://icat.nist.gov/
MIS 5211.001 16
Options
MIS 5211.001 17
Options
http://www.tenable.com/products/nessus/select-your-operating-system
MIS 5211.001 18
Nessus Sponsored Training
MIS 5211.001 19
Certification Options
https://store.tenable.com/index.php?main_page=index&cPath=2
MIS 5211.001 20
Architecture
Nessus is built on a classic client/server model.
The server portion may reside on a separate machine, or on the same machine as the client
The client is the interface that you will interact with to execute scans
MIS 5211.001 21
Getting Nessus
Download from Tenable Security http://www.tenable.com/products/nessus/select-y
our-operating-system Before installing, go to registration page
and get the activation code http://www.tenable.com/products/nessus-home
Run the MSI package and follow the prompts
Install will also install PCAP and then take you to the registration page.
Enter activation code and follow the prompts to get updates and plugins
MIS 5211.001 22
Documentation
Documentation for Nessus is available here: http://
static.tenable.com/documentation/nessus_4.2_user_guide.pdf
You will also get a link to this location during the install.
MIS 5211.001 23
AV and Firewalls
You will need to turn off Anti-Virus and Firewall in order to get an effective scan or you will see this:
Before you do this, disconnect from any and all networks.
You will likely still get some blocking as AV doesn’t like to give up.
MIS 5211.001 24
Location
Nessus is installed here:
MIS 5211.001 25
Getting Started
You should end up looking at web page hosted from your machine.
Book mark the page to save time getting back
URL will look like this: https://localhost:8834/html5.html
MIS 5211.001 26
SSL Warning
When you first go to site, you will need to click on continue to the website.:
MIS 5211.001 27
Logging In
Start
MIS 5211.001 28
Policies
Scans are based on policies, you will need to create that first.
MIS 5211.001 29
Policies 2
Next
MIS 5211.001 30
Policies 3
MIS 5211.001 31
There are many more options
MIS 5211.001 32
Creating A Scan
MIS 5211.001 33
Scheduling A Scan
MIS 5211.001 34
Scan Status
Once your scan has started you will see a status field like this:
MIS 5211.001 35
Scan Status
Once completed you will get the following notification:
MIS 5211.001 36
Output From First Scan
MIS 5211.001 37
Clicking on scan gives details
MIS 5211.001 38
Continuing to drill down
MIS 5211.001 39
Good Information
Important to note:
Also
MIS 5211.001 40
Criticality
Note on criticality The “Critical” risk
factor is without any mitigating controls being taken in to account
Vulnerabilities need to be evaluated in context
MIS 5211.001 41
More on Results
These results were obtained, even though Anti-Virus continued blocking multiple techniques.
Consider setting up a scanning machine without any AV or Host Firewall.
MIS 5211.001 42
Organizing Scans
In short order you will gather a large collection of scans
Use the built in folder system to move scans off of the main page
MIS 5211.001 43
Don’t Forget the Info
MIS 5211.001 44
Info Vulnerabilities
The least significant vulnerabilities are classified as “Info” or informational.
These are often very useful in understanding details of the asset being scanned.
MIS 5211.001 45
For Instance
MIS 5211.001 46
Next Week
Mid-Term Will cover weeks 1-5. Will not include
information from tonight Questions will come from the presentation
material Exam will be multiple choice
NetCatPotentially Batch Scripting
MIS 5211.001 47
Questions
?
